Cyber attack is what every business fears.

But it is not just government and large corporates that are subject to the threat of a cyber attack. Small businesses may also suffer cyber threats.

Over their lifetime, most small businesses will suffer losses because of the activities of cybercriminals.  This puts their money, data and IT equipment at risk. Data at risk include trade secrets, pricing, and client list. It also includes financial information, growth plans, product designs and manufacturing processes.

Every business, regardless of size, has an obligation to safeguard its data.  This is required under the Data Protection Act 2018 and General Data Protection Regulations (GDPR). Failing to meet these requirements will result in reputational damage, loss of trust and confidence as well as fines.

 

What might a Cyber attack look like?

Cyber attacks are criminal activities in which computer systems are targeted. This applies to networks or applications too.  Systems are hacked with the intention of theft, destruction, denial of service or demand for ransom.  Here are the top five cybersecurity threats to small businesses.

Phishing Attacks

The most common cyber attack on small businesses is phishing. Phishing attacks occur mostly through email communication. The attacker pretends to be a trusted or reputable source. They lure the user to click on malicious links or install malware with the intent to steal sensitive information. For example, login details, account details, user credentials and fraudulently requesting payment. Phishing may also take place through social engineering by targeting business owners and employees, to gain access to sensitive information.

Malware Attacks 

Malware is malicious software designed to cause harm.  Taking control of devices, locking devices, or making it unusable causing harm.  Malware attacks may also steal, delete, or encrypt data. can also cause harm. Gaining credentials and using services are also harms to add to the list. All of which may cost you money as a result.

Ransomware

Cyber criminals are very much aware of the fact that most small businesses may not have a robust backup management process in place. Ransomware denies access to computers.  They can also steal, encrypt, or delete the data. Ransomware may spread to other computers on the network. The attackers typically demand payment before they release the data. This leaves the businesses with two choices.  Either pay up or face disruptions to service due to the loss of data. Making ransom payments does not guarantee that the criminals will release the data.

Weak Passwords

The need for using multiple systems for business and personal use leads to the requirement for unique strong passwords.  This is required for each of these systems. There is the temptation to use one password.  Or a slight variant of it for accessing multiple systems or sites is great. But using weak passwords can lead to unauthorised access.  Thus, compromising the data.  Examples of data may include client confidential information.  It may also include sensitive information and financial records.

 

Insider Threats

Insider threats are risks caused by the actions of employees or people you work or have worked with.  For example, formal employees and associates.  It may also include contractors. The release of trade secrets may occur because of loss of data.  This may also include compromise of the integrity of data as well.

 

How to protect your business

Protecting your business against cyber-attacks does not need to be daunting. Implementing simple steps is easy to action and makes an enormous difference. It also contributes to making systems and the information contained in them as secure as possible.

Follow these top tips to proactively protect your business against cybercrime:

• Deploy reputable anti-virus and anti-malware software on all devices
• Use strong passwords on all devices, systems and to access services
• Implement two-factor authentication
• Secure Backup management
• Regular Software updates
• Training and cyber awareness for employees
• Clear data security policies and procedures
• Regular audit of internal controls
• Active and dynamic risk register

 

 

Cyber security insurance provides additional protection against cyber threats.  They also help with recovering from cyber incidents.

Small businesses need to be aware about data management and data security. They also need to be proactive to survive or minimise the impact of cyber-attacks on their business.

Be smart, Cyber aware and active in managing this business risk and feel confident.

 

Author: Mary Asante, Director| HRi